JDK-6626700 : Request for ability to turn off authentication caching in HttpURLConnection
  • Type: Enhancement
  • Component: core-libs
  • Sub-Component: java.net
  • Affected Version: 6
  • Priority: P5
  • Status: Open
  • Resolution: Unresolved
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2007-11-06
  • Updated: 2011-02-16
Description
A DESCRIPTION OF THE REQUEST :
HttpURLConnection caches all successful authentication information in a static field of AuthCacheValue/AuthorizationInfo.  I would like the ability to override this behavior so that only the Authenticator.getPasswordAuthentication() interface is used to retrieve authentication information.



JUSTIFICATION :
The request is based on a situation where I would like to explicitly authenticate an HTTP connection with credentials that were different from the previous connection to the same server.  This is to prevent the saving of successful authentication information from one connection to the next so there is more control from the public API as to which credentials are used.

Currently, the only publicly compatible way of clearing the cache is to restart the program (JVM) due to the static field in AuthCacheValue.  My clunky workaround is to use a brute-force method to clear out the entire AuthCacheValue map:

AuthCacheValue.setAuthCache(new AuthCacheImpl());

But then this relies on the Sun proprietary API which those classes belong to.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
A property like:

http.auth.cacheCredentials=<boolean>

would be a nice thing to have.
ACTUAL -
There is nothing right now.

CUSTOMER SUBMITTED WORKAROUND :
My clunky workaround is to use a brute-force method to clear out the entire AuthCacheValue map between new connections:

AuthCacheValue.setAuthCache(new AuthCacheImpl());